19. Deployment Architecture¶
19.1 Components¶
┌─────────────┐ ┌───────────────┐ ┌─────────────────┐
│ Mobile App │ ──► │ Envoy │ ──► │ Vertical Backend│
└─────────────┘ └───────────────┘ └─────────────────┘
│
┌─────────────┐ ▼
│ POS/Scanner │ ──────────────────────────► ┌─────────────────┐
└─────────────┘ │ Identity │
│ Platform │
┌─────────────┐ └─────────────────┘
│ Personal │ ──────────────────────────────┤ │
│ Scanner │ │ │
└─────────────┘ │ │
▼ ▼
┌─────────────────────────────┐ ┌──────────────────────┐
│ Palm Vendors │ │ KYC Providers │
│ (via PalmVerifier Port) │ │ (via KYC Port) │
└─────────────────────────────┘ └──────────────────────┘
│ │
│ ┌─────────┬───┴──────┐
▼ ▼ ▼ ▼
┌──────────────────────┐ ┌──────┐ ┌──────┐ ┌──────┐
│ X-Telcom BioWave Pass│ │Nafath│ │Onfido│ │Sumsub│
└──────────────────────┘ └──────┘ └──────┘ └──────┘
Deployment = Identity Platform + paired verification server, running one palm model (§8.13). Under the large model matching is server-to-server through the
PalmVerifierport; under the small model devices' client SDKs match at the verification server directly and report results to the platform. A Platform Admin can migrate the deployment small→large (§8.14).
19.2 External Dependencies¶
| Service | Purpose |
|---|---|
| Social login | |
| Apple | Social login |
| SMS Gateway | OTP |
| Email Service | Password reset |
| Nafath | KYC (Saudi) — [POST-MVP], §7 |
| Onfido/Sumsub | KYC (Global) — [POST-MVP], §7 |
| X-Telcom BioWave Pass | Palm verification (sole vendor) |